GNU bug report logs - #50921
GNU ELPA TLS errors: server is returning chain with expired root


Package: emacs;

Reported by: John Cummings <john <at> rootabega.net>

Date: Thu, 30 Sep 2021 20:25:01 UTC

Severity: normal

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.

From: John Cummings <john <at> rootabega.net>
To: 50921 <at> debbugs.gnu.org
Subject: bug#50921: GNU ELPA TLS errors: server is returning chain with expired root
Date: Thu, 30 Sep 2021 20:47:38 +0000
John Cummings <john <at> rootabega.net> wrote:

> It appears that elpa.gnu.org is returning a certificate chain referring
> to a root certificate that expired today. (More info:
> https://twitter.com/letsencrypt/status/1443621997288767491) I don't know
> if GnuTLS is supposed to be able to work around this (Firefox seems to, for instance).

One possibility (and note here that I'm clearly not a TLS expert) is that
Firefox recognizes the intermediate cert "ISRG Root X1" as one that is also
now a trusted root cert, and so short-circuits the rest of the chain,
ignoring the expired cross-signature. Is this something that is possible
and desirable to have Emacs do with GnuTLS?
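
The short-circuit idea raised in the message above, as an added example (not part of the original message, and not Emacs or GnuTLS code): a simplified Python model in which validation either follows the served chain to its last issuer or stops at the first certificate whose name and key match a trusted root. The names "Example Intermediate" and "Example Old Root", the key ids, and every date except the 30 Sep 2021 expiry are constructed; signatures are not checked.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    key_id: str        # stands in for the subject public key
    not_after: datetime

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed chain in the order a server would send it (leaf first).
SERVER_CHAIN = [
    Cert("elpa.gnu.org", "Example Intermediate", "k-leaf", utc(2021, 12, 1)),
    Cert("Example Intermediate", "ISRG Root X1", "k-int", utc(2025, 1, 1)),
    # Cross-signed copy of ISRG Root X1, issued by the older root.
    Cert("ISRG Root X1", "Example Old Root", "k-x1", utc(2024, 1, 1)),
]
# Constructed client trust store, indexed by key id.
TRUST_STORE = {
    "k-x1": Cert("ISRG Root X1", "ISRG Root X1", "k-x1", utc(2035, 1, 1)),
    "k-old": Cert("Example Old Root", "Example Old Root", "k-old", utc(2021, 9, 30)),
}

def validate(chain, store, now, stop_at_first_anchor):
    """Return "ok" or the reason validation fails (expiry and trust only)."""
    for cert in chain:
        anchor = store.get(cert.key_id)
        if stop_at_first_anchor and anchor and anchor.subject == cert.subject:
            # Same name and key as a trusted root: judge the root, drop the rest.
            return "ok" if anchor.not_after > now else f"expired: {anchor.subject}"
        if cert.not_after <= now:
            return f"expired: {cert.subject}"
    root = next((a for a in store.values() if a.subject == chain[-1].issuer), None)
    if root is None:
        return "untrusted issuer"
    return "ok" if root.not_after > now else f"expired: {root.subject}"

if __name__ == "__main__":
    now = utc(2021, 10, 1)  # the day after the old root expired
    print("follow whole chain:  ", validate(SERVER_CHAIN, TRUST_STORE, now, False))
    print("stop at first anchor:", validate(SERVER_CHAIN, TRUST_STORE, now, True))
```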






This bug report was last modified 3 years and 231 days ago.
